Made authorization on Servlet . As I later found out, Weblogic itself can regulate / block the user. How can I find out if the current user is blocked? A little google write that there is such a method isLockedOut but I did not understand how to use it. my code is:

 @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("application/json;charset=UTF-8"); try (PrintWriter out = response.getWriter()) { try { String result = getCountLoginAttemp(request, false); if (result != null) { out.print(getResultGsonString(false, result)); return; } String j_username = request.getParameter("j_username"); String j_password = request.getParameter("j_password"); if (isNullOrEmpty(j_username) || isNullOrEmpty(j_password)) { out.print(getResultGsonString(false, "Не все параметры заполнены")); return; } if (request.getUserPrincipal() != null) { request.logout(); } request.login(j_username, Crypt.MD5(j_password)); Users user = userControlLocal.getUserByUName(j_username); if (user != null) { HttpSession session = request.getSession(true); session.setAttribute(USER, user); out.print(getResultGsonString(true, null)); } } catch (Exception e) { //UserLockoutManagerRuntimeMBean.isLockedOut(""); String result = getCountLoginAttemp(request, true); if (result == null) { result = "Ошибка авторизации"; } out.print(getResultGsonString(false, result)); //logger.error("error", e); } } } private static String getCountLoginAttemp(HttpServletRequest request, boolean itr) { HttpSession session = request.getSession(); Integer loginAttempt = (Integer) session.getAttribute("loginCount"); if (loginAttempt == null) { loginAttempt = 1; } if (loginAttempt > loginAttemptCount - 1) { StringBuilder err = new StringBuilder(); err.append("Количество попыток неправильного ввода пароли превысило ") .append(loginAttemptCount) .append(". Следующая попытка через "); Long s = (Long) session.getAttribute("loginTime"); if (s != null) { Long res = new Date().getTime() / 1000 - s; if (res > 0 && res < 60 * loginAttemptTime) { return err.append((loginAttemptTime - 1) - (res / 60)).append(" мин ").append(59 - (res % 60)).append(" секунд").toString(); } else { session.setAttribute("loginTime", null); session.setAttribute("loginCount", 1); } } else { session.setAttribute("loginTime", new Date().getTime() / 1000); return err.append(loginAttemptTime).append(" мин").toString(); } } else if (itr) { loginAttempt++; session.setAttribute("loginCount", loginAttempt); } return null; }
  • If we are talking about the weblogic.management.runtime.UserLockoutManagerRuntimeMBean#isLockedOut(String) method, then it is unlikely to be useful to you since UserLockoutManagerRuntimeMBean used to manage WebLogic domain user accounts through JMX. In your case, as far as I understand, we are talking about users in the context of a web application. - Sergey Bespalov
  • Tell me how can I do this? - HELO WORD
  • what exactly do you want to do? - Sergey Bespalov
  • to find out from weblogic a user is blocked / not blocked - HELO WORD
  • On the one hand, WebLogic does not know anything about the users of your application, on the other hand, it seems to me a strange idea to integrate your application with the WebLogic domain in order to work with users. Try looking towards SpringSecurity. Here is described a method of blocking users after several failed authorization attempts: - Sergey Bespalov

0